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DETAILED ACTION 

1. This is in reply to application filed on November 26, 2003. Claims 1-26 have 
been examined. 

Priority 

2. This application does not claim priority. Therefore, the effective filling data for 
the subject matter defined in the pending claims of this application is 
11/26/2003. 

Claim Rejections - 35 USC §101 

3. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or 
composition of matter, or any new and useful improvement thereof, may obtain a 
patent therefor, subject to the conditions and requirements of this title. 

4. Claims 16-20 and 21-26 are rejected under 35 U.S.C. 101 because the subject 
matter is directed to non-statutory subject matter. 

5. Claims 16-20 and 21-26 recites a "computer-readable medium/ media". The 
submitted/ published applicant's disclosure on paragraph 00i28 indicates that such 
computer readable media/ medium may comprise computer storage media and 
communication media. However, Examiner asserts that such a medium does not fall 
within the statutory classes hsted in 35 USC 101, because it embodies the following. 
[See Applicant's submitted/ published disclosure paragraph 0028] 



Communication media typically embodies computer readable instructions, data 
structxires, program modules or other data in a modulated data signal such as a 
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carrier wave or other transport mechanism and includes any information delivery 
media. The term "modulated data signal" means a signal that has one or more of its 
characteristics set or changed in such a manner as to encode information in the signal By 
way of example, and not limitation, communication media includes wired media such as a 
wired network or direct-wired connection, and wireless media such as acoustic, RF, 
infrared and other wireless media. Combinations of the any of the above should also 
be included within the scope of computer readable media/' 

Claim Rejections - 35 USC §112 

6. The following is a quotation of the second paragraph of35U.S.C.112: 

The specification shall conclude with one or more claims particularly pointing out 
and distinctly claiming the subject matter which the applicant regards as his 
invention. 

7. Independent claims 16 and 21 are rejected under 35 U.S.C. 112, second 
paragraph, as being indefinite for failing to particularly point out and distinctly claim 
the subject matter which applicant regards as the invention. Independent claims 16 
and 21, recites the following limitation ''A computer-readable medium for executing 
computer-readable instructions...." 

Examiner asserts the fact that a "computer-readable medium" does not executes 
instructions rather it stores instructions in it. The claim limitations should have been 
written how the instructions stored in the computer-readable medium when executed 
by the appropriate hardware such as a "processor" performs the set of functions/ steps 
recited in the body of the respective independent claims. 

Appropriate correction is required. 

8. Claims 17-20 & 22-26 depend from the rejected independent claims 16 and 21 
respectively, and include all the limitations of the respective claims, thereby 
rendering those dependent claims indefinite. 
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Appropriate correction is required. 

Claim Rejections - 35 USC §102 



9. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published 
under section 122(b), by another filed in the United States before the invention by 
the applicant for patent or (2) a patent granted on an application for patent by 
another filed in the United States before the invention by the applicant for patent, 
except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in 
the United States only if the international application designated the United States 
and was published under Article 21(2) of such treaty in the English language. 

10. Claims 1-26 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Goldberg et al (hereinafter referred as Goldberg) (U.S. Publication No. 2004/00131 12 
Al) (filed on May 9, 2001) 

1 1 . As per independent claims 1. 11. 16 and 21 Goldberg discloses a method 
for dynamically creating and maintaining a set of indices in a computer, wherein 
the indices identify a plurality of filters defining a network policy and wherein the 
indices are used by a firewall to identify a matching filter, comprising: [Abstract, 
figure 6, paragraph OOlS-0017; 0042, 0048-0049 and 0071-0073 and 0082] (On 
abstract the following has been disclosed. "A novel and useful dynamic packet filter 
that can be incorporated in a hardware based firewall suitable for use in portable 
computing devices such as cellular telephones and wireless connected PDAs that are 
adapted to connect to the Internet The invention performs dynamic packet filtering on 
packets received over an input packet stream. The dynamic filter checks dynamic 
protocol behavior using information extracted from the received packet. Sessions 
are createji and stored in a session database to track the state of communications 
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between the source and destination. Recognition of a session is accelerated by use of a 
hash table to quickly determine the corresponding session record in the session database. 
Session related data is read from the session database and the received packet is 
checked against a set of rules for determination of whether to allow or deny the 
packet, Furthermore Figure 6, described how the hashing technique of determining the 
sessions associated input packets," And on paragraph 0073, the following has been 
disclosed, ''Upon receipt of a packet, the socket 100 is input to the hash calculator 102 
which functions to generate and output a hash result 104. The hash result is used as 
the Index to the hash table 106 that comprises a plurality of entries 108 each 
containing a hash pointer. The hash pointer points to a linked list of sessions 110 in 
the session database. Each session record in the session database comprises previous 
114 and next pointers 112 thus implementing a doubly linked list. If a hit on the socket 
occurs, each session in the linked list must be checked for a match with the socket of 
the received packet." Note the hash pointer meet the limitation of the ""indices in a 
computer, wherein the indices identify a plurality of filters defining a network 
policy and wherein the indices are used by a firewall to identify a matching filter.'' 
And the following which is disclosed on paragraph 0015, "the present invention a 
dynamic filter for filtering an input packet stream comprising a session database 
adapted to store session related data for a plurality of sessions, each session 
corresponding to a socket, a session recognition module adapted to search the session 
database for a session whose associated socket matches that of a received packet, a 
session management module adapted to maintain the session database including 
adding, deleting and modifying sessions in the session database and a main filter 
module operative to track a connection state of the session corresponding to a receive 
packet and checking the connection state against a plurality of rules to determine 
whether to allow or deny the received packet" meets the limitation recited as 
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""wherein the indices identify a plurality of filters defining a network policy and 
wherein the indices are used by a firewall to identify a matching filter.") 

• Creating a first index conforming to a first index type; [Paragraph 0073; 
figure 6, see ^Session l**] (Upon receipt of a packet, the socket 100 is input to 
the hash calculator 1 02 which functions to generate and output a hash result 
104. The hash result is used as the index to the hash table 106 that 
comprises a plurality of entries 108 each containing a hash pointer,) 

• Identifying, in the first index, a first set of filters, each filter in the 
first set of filters specifying network packets subject to the network policy; 
[Figure 6 and Paragraph 0016, ""checking the connection state against a pluralitu of 
rules to determine whether to allow or deny the received packet") . 

• Maintaining statistics including a selected criteria and a corresponding 
value, wherein the value identifies a number of filters from the first set of filters 
meeting the selected criteria;./ Paragraph 0104] (Field 30 stores the timestamp used to 
age a session. Time is represented in 16 bits and stored as a time difference or delta in 
accordance with the particular protocol Periodically, the CPU instructs the session 
management module to perform session aging whereby sessions that have aged out are 
closed.) 

^ • Determining that the corresponding value exceeds a threshold 

value; [Claim 8, 20 and 33] (The method, further comprising the step of removing 
sessions whose associated timestamps have exceeded a predetermined 

threshold J 

• Creating a second index conforming to a second index type; identifying, 
in the second index, a second set of filters, wherein the second set of filters are a 
subset of the first set of filters; [Paragraph 0014 and figure 6; See, "Session 2" in a 
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linked list shown on figure 6] (As it is shown on dependent claim 2, and the applicant's 
specification the ^second index type is a linked list.** Such linked list is disclosed on 
paragraph 0073 and figure 6] (On paragraph 0073, the following has been disclosed. 
*l/pdn receipt of a packet, the socket 100 is input to the hash calculator 102 which 
fixnctions to generate and output a hash result 104, The hash result is used as the index 
to the hash table 106 that comprises a plurality of entries 108 each containing a hash 
pointer. The hash pointer points to a linked list of sessions 110 in the session database. 
Each session record in the session database comprises previous 114 and next pointers 
112 thus implementing a doubly linked list If a hit on the socket occurs, each session in 
the linked list must be checked for a match with the socket of the received packet". 
And on paragraph 0014 the following has been disclosed. 

"There is also provided in accordance with the present invention a method of 
monitoring the state of a communications session, the method comprising the steps of 
establishing a Session database adapted to store session related data for a plurality of 
sessions, each session corresponding to a socket, recognizing a session in accordance 
with a first hash calculation on the socket associated with a received packet, recognizing 
a hole session in accordance ivith a second hash calculation on a partial socket 
associated with the received packet, reading session data from the session database, the 
session data associated with either a recognized session or a recognized hole session. 
tracking a connection state of the session and checking the state against a plurality of 
rules to determine whether to allow or deny the received packet and writing updated 
session data back into the session database.") and 

• Removing identification of the subset of filters from the first index. 
[Claim 8, 20 and 33] (The method, further comprising the step of removing 
sessions whose associated timestamps have exceeded a predetermined 

threshold ,) 
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12. As per claim 2, 22 Goldberg discloses a method as applied to claims above. 
Furthermore » Goldberg discloses the method, wherein the second index type is a 
linked list, [paragraph 0073 and paragraph 0057] ((As it is shown on dependent claim 
2, and the applicant's specification the ''second index type is a linked list." Such linked 
list is disclosed on paragraph 0073 and figure 6] (On paragraph 0073, the following has 
been disclosed. ''Upon receipt of a packet, the socket 100 is input to the hash calculator 
102 which fixnctions to generate and output a hash result 104, The hash result is used as 
the index to the hash table 106 that comprises a plurality of entries 108 each containing a 
hash pointer. The hash pointer points to a linked list of sessions 110 in the session 
database. Each session record in the session database comprises previous 114 and next 
pointers 112 thus implementing a doubly linked list If a hit on the socket occurs, each 
session in the linked list must be checked for a match with the socket of the 
received packet'') 

13. As per claims 3-5. 12-14 and 23-25 Goldberg discloses a method as applied 
to claims above. Furthermore, Goldberg discloses the method, wherein the second 
index type is a tree data structure. [Paragraph 0073 and 0057} ("linked list disclosed 
on paragraph 0073 and 0057 and shown on figure 6, is a data structure.) 

14. As per claim 6. IS and 26 Goldberg discloses a method as applied to claims 
above. 

Furthermore, Groldberg discloses the method, wherein the second index is a hash 
table, [paragraph 0057 and 0057, and figure 6 see "hash table"] 

15. As per claims 7, 17 Goldberg discloses a method as applied to claims above. 
Furthermore, Goldberg discloses the method, wherein the plurality of filters 
include a set of filter conditions including a plurality of field types and 
corresponding field data, further comprising: selecting one or more field types 
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from the plurality of field types to be indexed. [See paragraph 0098, ""session 
database record fields] 

16. As per claims 8-9. 18-19 Groldberg discloses a method as applied to claims 
above. Furthermore, Goldberg discloses the method, wherein the second index is a 
linked list, and each filter includes a weight value, further comprising: ordering 
the filters in the linked list such that a filter with a highest weight value is first in 
the linked list and a filter with the lowest weight value is last in the linked list. 
[Figure 6, ref. "'second session"] 

17. As per claims 10, 20 Goldberg discloses a method as applied to claims 
above. Furthermore, Goldberg discloses the method, wherein the second set of 
filters include filter conditions that meet the selected criteria.[ Paragraph 0015 
and figure 6] ("the present invention a dynamic filter for filtering an input packet stream 
comprising a session database adapted to store session related data for a plurality of 
sessions, each session corresponding to a socket, a session recognition module adapted 
to search the session database for a session whose associated socket matches that of a 
received packet, a session management module adapted to maintain the session 
database including adding, deleting and modifying sessions in the session database and 
a main filter module operative to track a connection state of the session corresponding 
to a receive packet and checking the connection state against a plurality of rules to 
determine whether to allow or deny the received packet" meets the limitation 
recited ''second set of filters include filter conditions that meet the selected 
criteria") 

Conclusion 



18. 



The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. (See PTO-Form 892). 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Samson B Lemma whose telephone number is 571- 
272-3806. The examiner can normally be reached on Monday-Friday (8:00 am— 4: 
30 pm). 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, BARRON JR GILBERTO can be reached on 571-272-3799. 
The fax phone number for the organization where this application or proceeding is 
assigned is 571 -873-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto,gov. 
Should you have questions on access to the Private PAIR system, contact the 
Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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